Confused about VPN Routing Options

Can anyone help explain the 3 types of VPN routing? For example, for "To center and to other satellites through center", do I have to add the Center GW and two satellite gateways to the same VPN community?

To center only. No VPN routing actually occurs. Only connections between the satellite gateways and central gateway go through the VPN tunnel. Other connections are routed in the normal way.

To center and to other satellites through center. Use VPN routing for connections between satellites. Every packet passing from a satellite gateway to another satellite gateway is routed through the central gateway. Connections between satellite gateways and gateways that do not belong to the community are routed in the normal way.

To center, or through the center to other satellites, to internet and other VPN targets. Use VPN routing for every connection a satellite gateway handles. Packets sent by a satellite gateway pass through the VPN tunnel to the central gateway before being routed to the destination address.

Re: Confused about VPN Routing Options

Hi,

To center only

Means only communication from Center to any Satellite and vice versa will be allowed.

In case you had more than one Satellite, those devices would not be able to reach each other's LAN networks through the tunnel. Only Center networks are reachable (as defined in encryption domain and policy).

To center and to other satellites through center

Allows routing inside the VPN Community.

If you want to reach Satellite_B LAN from Satellite_A LAN, you will have to pass through Center (hub and spoke).

If you centrally manage all devices, by checking this option you would be able to route traffic from LAN_B to LAN_A and vice versa without any other configuration, since the encryption domains are automatically negotiated with Center gateway to allow this.

If the Satellites are locally managed devices, you will have to manually add the domain of Satellite_B to Center's domain (from Satellite_A perspective) and the domain of Satellite_A to Center's domain (from Satellite_B perspective), in addition to the networks already configured for Center, to allow routing between both.

To center, or through the center to other satellites, to internet and other VPN targets

Allows you to route all traffic to Center gateway.

If you centrally manage all devices, by checking this option all traffic from Satellites (excluding local networks) would be sent to Central gateway. This is a way to set Center gateway as the default route. Checking this option would allow not only Internet traffic, but also reaching other VPN communities (those where Center gateway participates).

If the Satellites are locally managed devices, you will have to configure a "universal tunnel" to allow the Satellite to send all traffic to Center gateway.

You can find more information in the VPN Admin Guide, and more ways to route as you need by editing the vpn_route.conf file.
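
The three options discussed in this thread, modeled as a routing decision for a packet leaving a satellite's LAN. This is an added example, not part of the original posts and not Check Point code; the gateway names follow the reply, while the addresses, constants and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample encryption domains (addresses are assumptions).
DOMAINS = {
    "Center":      [ip_network("10.0.0.0/24")],
    "Satellite_A": [ip_network("10.1.0.0/24")],
    "Satellite_B": [ip_network("10.2.0.0/24")],
}
CENTER = "Center"

# Hypothetical labels for the three community routing options.
TO_CENTER_ONLY = "to_center_only"
THROUGH_CENTER = "to_center_and_other_satellites"
ALL_VIA_CENTER = "to_center_internet_and_other_vpn_targets"


def owner(dst):
    """Return the gateway whose encryption domain contains dst, or None."""
    addr = ip_address(dst)
    for gateway, networks in DOMAINS.items():
        if any(addr in net for net in networks):
            return gateway
    return None


def path(option, src_sat, dst):
    """Hops taken by a packet from src_sat's LAN to dst under one option."""
    target = owner(dst)
    if target == src_sat:
        return [src_sat]                        # local network, never tunneled
    if target == CENTER:
        return [src_sat, CENTER]                # tunneled under all three options
    if target is not None:                      # another satellite's LAN
        if option == TO_CENTER_ONLY:
            return [src_sat, "normal routing"]  # not reachable through the tunnel
        return [src_sat, CENTER, target]        # hub and spoke via Center
    # Destination outside the community: Internet or other VPN targets.
    if option == ALL_VIA_CENTER:
        return [src_sat, CENTER, "onward from Center"]
    return [src_sat, "normal routing"]
```

Under the third option every non-local flow from a satellite crosses the Center gateway, so the Center's policy and logs are where that traffic is controlled and observed.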